The Ponemon Institute’s global survey of over 3000 IT security professionals reveals some interesting takeaways about on the cloud data security of their organizations. Here are seven interesting facts from the study.
In 2016, the Ponemon Institute surveyed 3,476 IT and IT security professionals across the world on the cloud data security policies of their businesses and companies. Here are seven interesting takeaways from the study, from the surprising amount of shadow IT companies must squash to a business-wide lack of multi-factor authentication.
1) Companies Rely on the Cloud…a Lot
The cloud is popular. According to the study, 73% of IT professionals say cloud computing applications and platforms are crucial to business operations. That number is expected to jump to 81% over the next two years. There’s a good reason for that: an estimated 36 percent of respondents say cloud resources meet their data needs, a number that will likely increase to 45%, or nearly half of all respondents, in the next two years. An estimated 35% of all corporate data is currently stored in the cloud.
2) Cloud Security is a Major Issue
Despite the increased reliance on cloud computing, 70% of respondents say all that data on the cloud—including consumer data, customer information, email, employee records, and payment information—is difficult to protect using conventional security methods. On top of that, only 43% say their companies have clearly defined positions and policies for protecting sensitive cloud data, and only 21% of respondents say their security teams are involved in any cloud application strategy.
3) Shadow IT Runs Rampant
Shadow IT—all the cloud apps and services used by employees without IT department oversight—is still a big problem organizations must solve. On average, 47% of corporate data stored in the cloud is uncontrolled by an IT department. In fact, 55%—over half—of IT departments are doubtful they know about all the cloud services employees use without permission.
4) Companies Could Try Harder When it Comes to Data Protection
Cloud-based computing is clearly more important now to companies than ever before, but over half of respondents—56%—disagree that their companies are serious about protecting sensitive data and managing security in compliance with government regulations. Yet 65% of companies say they are committed to safeguarding sensitive information in the cloud, while only 43% have dedicated roles and guidelines for protecting information stored in the cloud. And only 40% say their companies have solid security and encryption policies in place.
5) Encryption and Key Management is Playing an Important Role
72% of respondents say the ability to encrypt sensitive data is vital, while 86% say it will become more important over the next two years. On average, organizations use 12 applications that require encryption of some kind. Also, on average, organizations use seven key management systems or encryption systems.
That said, only 42% of respondents use encryption to secure sensitive data in the cloud. And only 55% of IT professionals say their organization controls the keys when data is encrypted in the cloud.
6) Multi-Factor Authentication Needs a Bigger Presence
Companies are struggling with the management of cloud access, to the tune of 67% of respondents saying the control of user identities has become more difficult. Additionally, only 51% —half of all companies that took part in the study—say their companies use multi-factor authentication to ensure employees have safe access to cloud data, which means most employees are still only using a username and password to keep company data safe.
7) Companies Have a Lot of Work to do Before Regulations Kick In
In 2018, both the European Union’s General Data Protection Regulation (GDPR) and New York State’s Cybersecurity Regulation (23 NYCRR 500) will impose new laws that companies must follow to prevent the likelihood of future data breaches. Using the Ponemon Institute’s study and its findings as a basis, companies can focus on their weaknesses and work on increasing security, preserving control of sensitive data, and improving compliance with the new mandates about to take place. Improving data security and compliance isn't a small task, but partnering with cloud security companies like eperi, who offer strong cloud encryption services can help companies get the ball rolling.